_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 4
It's vigilante phun day! How to
get Usenet spammers kicked off their ISPs.
_______________________________________________________
How do you like it when your sober news groups get hit with
900 number sex ads and Make Money Fast pyramid schemes? If no
one ever made those guys pay for their effrontery, soon Usenet
would be inundated with crud.
It's really tempting, isn't it, to use our hacking
knowledge to blow these guys to kingdom come. But many times
that's like using an atomic bomb to kill an ant. Why risk
going to jail when there are legal ways to keep these vermin
of the Internet on the run?
This issue of Happy Hacker will show you some ways to fight
Usenet spam.
Spammers rely on forged email and Usenet posts. As we learned
in the second Guide to (mostly) Harmless Hacking, it is easy
to fake email. Well, it's also easy to fake Usenet posts.
*****************
Newbie Note #1: Usenet is a part of the Internet consisting of
the system of on-line discussion groups called "news groups."
Examples of news groups are rec.humor, comp.misc, news.announce.newusers,
sci.space.policy, and alt.sex. There are well over 10,000 news
groups. Usenet started out in 1980 as a Unix network linking
people who wanted -- you guessed it -- to talk about Unix. Then
some of the people wanted to talk about stuff like physics, space
flight, barroom humor, and sex. The rest is history.
*****************
Here's a quick summary of how to forge Usenet posts.
Once again, we use the technique of telnetting to a specific
port. The Usenet port usually is open only to those with accounts
on that system. So you will need to telnet from your ISP shell
account back into your own ISP as follows:
telnet news.myISP.com nntp
where you substitute the part of your email address that follows
the @ for "myISP.com". You also have the choice of
using "119" instead of "nntp".
With my ISP I get this result:
Trying 198.59.115.25 ...
Connected to sloth.swcp.com.
Escape character is '^]'.
200 sloth.swcp.com InterNetNews NNRP server INN 1.4unoff4 05-Mar-96 ready (posting)
Now when we are suddenly in a program that we don't know
too well, we ask for:
help
And we get:
100 Legal commands
authinfo user Name|pass Password|generic <prog> <args>
article [MessageID|Number]
body [MessageID|Number]
date
group newsgroup
head [MessageID|Number]
help
ihave
last
list [active|newsgroups|distributions|schema]
listgroup newsgroup
mode reader
newgroups yymmdd hhmmss ["GMT"] [<distributions>]
newnews newsgroups yymmdd hhmmss ["GMT"] [<distributions>]
next
post
slave
stat [MessageID|Number]
xgtitle [group_pattern]
xhdr header [range|MessageID]
xover [range]
xpat header range|MessageID pat [morepat...]
xpath MessageID
Report problems to <usenet@swcp.com>
Use your imagination with these commands. Also, if you want
to forge posts from an ISP other than your own, keep in mind
that some Internet host computers have an nntp port that requires
either no password or an easily guessed password such as "post."
But -- it can be quite an effort to find an undefended nntp port.
So, because you usually have to do this on your own ISP, this
is much harder than email forging.
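For news administrators, an added example (not part of the original guide): it reads a saved greeting and help listing from your own server and reports whether the server advertises posting and which article-injection commands it lists. The transcript is constructed from the output shown above, and the function name `audit_transcript` and its result fields are assumptions made for illustration.

```python
import re

# Constructed transcript, modelled on the banner and help listing shown above.
SAMPLE = """\
200 sloth.swcp.com InterNetNews NNRP server INN 1.4unoff4 05-Mar-96 ready (posting)
100 Legal commands
authinfo user Name|pass Password|generic <prog> <args>
article [MessageID|Number]
ihave
mode reader
post
xover [range]
Report problems to <usenet@swcp.com>
.
"""

# Greeting status codes from the NNTP standard (RFC 977 / RFC 3977).
GREETINGS = {200: "posting allowed", 201: "read-only",
             400: "service unavailable", 502: "access refused"}
# Commands that let a client inject articles into the news system.
INJECTION_COMMANDS = {"post", "ihave"}


def audit_transcript(text):
    """Summarise the posting posture an NNTP server advertises (hypothetical helper)."""
    lines = text.splitlines()
    greeting = re.match(r"(\d{3})\s+(\S+)", lines[0]) if lines else None
    if not greeting:
        raise ValueError("no NNTP greeting found")
    code, host = int(greeting.group(1)), greeting.group(2)
    commands, in_help = [], False
    for line in lines[1:]:
        if line.startswith("100 "):        # "100" opens the help listing
            in_help = True
        elif line.strip() == ".":          # a lone dot ends a multi-line reply
            in_help = False
        elif in_help and re.match(r"\s*[a-z]+\b", line):
            commands.append(line.split()[0])   # command names are lower case
    return {
        "host": host,
        "greeting": GREETINGS.get(code, "unrecognised"),
        "posting_allowed": code == 200,
        "injection_commands": sorted(INJECTION_COMMANDS & set(commands)),
        "auth_supported": "authinfo" in commands,
    }
```

A server that greets with 200 and lists `post` or `ihave` should accept those commands only from authenticated local accounts; a 201 greeting means the server will not take posts from that client at all.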